IT Audit for SAS70:

Home > Cyber Security Solutions > Various-Security-Offerings > IT Audit/Security Audit > Various Audit Conduct > IT Audit for SAS70

    sas-70-audit-securityUnder SAS 70, auditor reports are classified as either Type I or Type II. In a Type I report, the auditor evaluates the efforts of a service organization at the time of audit to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the desired future results. A Type II report includes the same information as that contained in a Type I report; in addition, the auditor attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.

    SAS 70 reports are commissioned at the request of either a service organization (the company) or the user organization (customers). It is in the service organization's best interests to provide consistent service auditor's reports. Positive independent reports build a customer's trust and confidence in the service organization and satisfy any concerns. Furthermore, Type II reports identify any operational areas that need improvement. A lack of current reports, on the other hand, may generate multiple audit requests from the user organization and these audits can be costly for the service organization.

    Valency Networks has helped many firms to become compliant towards SAS-70 certification. Our technically strong auditor’s also possess extensive knowledge in the field of implementing and recording security controls, which is an essential step towards SAS-70 certification.